[lxc-users] apparmor dhclient denied, no network, something wrong with 2.12?

Stéphane Graber stgraber at ubuntu.com
Sun Mar 26 23:56:43 UTC 2017


lxc profile show default

Chances are you have the config key which instructs LXD to disable DHCP
in the containers and causes /etc/network/interfaces in the containers
to say "iface eth0 inet manual" as a result.

On Sun, Mar 26, 2017 at 10:18:31PM +0000, Spike wrote:
> so more info. I actually tried to wipe everything and install from the lts
> ppa, but got the same behavior, so it's not 2.12 (the lts ppa has 2.0.9).
> The other thing worth noting is that static assignment works, so this
> doesn't seem a problem with the bridge (fwiw there are 4 eth bonded and the
> bridge is on the bond):
> 
> +--------+----------+---------+---------+
> |  NAME  |   TYPE   | MANAGED | USED BY |
> +--------+----------+---------+---------+
> | bond0  | bond     | NO      | 0       |
> +--------+----------+---------+---------+
> | eth0   | physical | NO      | 0       |
> +--------+----------+---------+---------+
> | eth1   | physical | NO      | 0       |
> +--------+----------+---------+---------+
> | eth2   | physical | NO      | 0       |
> +--------+----------+---------+---------+
> | eth3   | physical | NO      | 0       |
> +--------+----------+---------+---------+
> | lxdbr0 | bridge   | NO      | 1       |
> +--------+----------+---------+---------+
> 
> ## the container:
> architecture: x86_64
> config:
>   volatile.base_image: 2cab90c0c342346ea154bc2e8cacdae752a70747a755ce1f2970c9a9ebb5fe8c
>   volatile.eth0.hwaddr: 00:16:3e:bb:05:c5
>   volatile.idmap.base: "0"
>   volatile.idmap.next: '[{"Isuid":true,"Isgid":false,"Hostid":100000,"Nsid":0,"Maprange":65536},{"Isuid":false,"Isgid":true,"Hostid":100000,"Nsid":0,"Maprange":65536}]'
>   volatile.last_state.idmap: '[{"Isuid":true,"Isgid":false,"Hostid":100000,"Nsid":0,"Maprange":65536},{"Isuid":false,"Isgid":true,"Hostid":100000,"Nsid":0,"Maprange":65536}]'
>   volatile.last_state.power: RUNNING
> devices:
>   root:
>     path: /
>     pool: default
>     type: disk
> ephemeral: false
> profiles:
> - default
> 
> the image is a fresh download of xenial from the ubuntu mirror.
> 
> again static assignment works, the problem is exclusively with dhcp.
> 
> thank you for any input,
> 
> Spike
> 
> On Sun, Mar 26, 2017 at 1:54 PM Spike <spike at drba.org> wrote:
> 
> Hi,
> 
> can't seem to get dhcp to work anymore on containers and I don't get why. I
> have 3 servers, all 3 set up the same way (from ansible). on the third
> which I just rebuilt lxc gets no network. Instead on the host's logs I get
> this:
> 
> audit: type=1400 audit(1490560798.485:349): apparmor="DENIED"
> operation="file_perm" namespace="root//lxd-log_<var-lib-lxd>"
> profile="/sbin/dhclient" name="/apparmor/.null" pid=8928 comm="dhclient"
> requested_mask="w" denied_mask="w" fsuid=100000 ouid=0
> 
> lxc config set my-container raw.lxc lxc.aa_profile=unconfined did not help.
> It seems related to this bug, but not sure:
> 
> https://bugs.launchpad.net/ubuntu/+source/isc-dhcp/+bug/1654624
> 
> the only difference I can see between the host that doesn't work and the
> one that does is the version of LXD, 2.12 on the host that doesn't work and
> 2.11 on the others (installed from ppa on ubuntu xenial).
> 
> any thoughts?
> 
> thanks,
> 
> Spike



-- 
Stéphane Graber
Ubuntu developer
http://www.ubuntu.com
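
An added example, not part of either poster's message: a small Python parser for the AppArmor denial quoted in the thread. It decodes the audit timestamp and maps the record's host-side fsuid to the uid inside the container using the volatile.idmap.next value from the container config. The function names are hypothetical, and the two inputs are constructed by unwrapping the lines quoted above.

```python
import json
import re
from datetime import datetime, timezone

# Constructed input: the denial and idmap quoted in the thread, unwrapped.
DENIAL = ('audit: type=1400 audit(1490560798.485:349): apparmor="DENIED" '
          'operation="file_perm" namespace="root//lxd-log_<var-lib-lxd>" '
          'profile="/sbin/dhclient" name="/apparmor/.null" pid=8928 '
          'comm="dhclient" requested_mask="w" denied_mask="w" '
          'fsuid=100000 ouid=0')
IDMAP = ('[{"Isuid":true,"Isgid":false,"Hostid":100000,"Nsid":0,"Maprange":65536},'
         '{"Isuid":false,"Isgid":true,"Hostid":100000,"Nsid":0,"Maprange":65536}]')

HEADER = re.compile(r'type=(\d+) audit\((\d+)\.\d+:(\d+)\)')
FIELD = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')  # key="quoted" or key=bare

def parse_denial(line):
    """Parse one AppArmor audit record into a dict; None if it is not one."""
    head = HEADER.search(line)
    if head is None:
        return None
    rec = {k: quoted or bare for k, quoted, bare in FIELD.findall(line[head.end():])}
    if 'apparmor' not in rec:
        return None
    rec['time'] = datetime.fromtimestamp(int(head.group(2)), tz=timezone.utc)
    rec['serial'] = int(head.group(3))
    return rec

def container_uid(host_uid, idmap_json):
    """Translate a host uid to the uid seen inside the container, or None."""
    for m in json.loads(idmap_json):
        if m['Isuid'] and m['Hostid'] <= host_uid < m['Hostid'] + m['Maprange']:
            return m['Nsid'] + host_uid - m['Hostid']
    return None  # uid is outside every mapped range

def summarize(line, idmap_json):
    """Reduce a denial to the fields needed to see who was denied what."""
    rec = parse_denial(line)
    if rec is None:
        return None
    uid = container_uid(int(rec['fsuid']), idmap_json) if 'fsuid' in rec else None
    return {'when': rec['time'].isoformat(), 'profile': rec.get('profile'),
            'namespace': rec.get('namespace'), 'path': rec.get('name'),
            'denied': rec.get('denied_mask'), 'uid_in_container': uid}

if __name__ == '__main__':
    print(summarize(DENIAL, IDMAP))
```

For the quoted record this reports a write denial on /apparmor/.null under the /sbin/dhclient profile in the root//lxd-log_<var-lib-lxd> namespace, issued by host uid 100000, which the idmap translates to uid 0 in the container.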